[tor-bugs] #20348 [Circumvention/Censorship analysis]: Allot Communications blocking of vanilla Tor, obfs4, and meek in Kazakhstan, starting 2016-06

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Apr 19 08:28:59 UTC 2020


#20348: Allot Communications blocking of vanilla Tor, obfs4, and meek in
Kazakhstan, starting 2016-06
-----------------------------------------------+--------------------------
 Reporter:  dcf                                |          Owner:  (none)
     Type:  project                            |         Status:  reopened
 Priority:  Medium                             |      Milestone:
Component:  Circumvention/Censorship analysis  |        Version:
 Severity:  Normal                             |     Resolution:
 Keywords:  censorship block kz                |  Actual Points:
Parent ID:                                     |         Points:
 Reviewer:                                     |        Sponsor:
-----------------------------------------------+--------------------------

Comment (by DoopPowder112):

 Replying to [comment:143 dcf]:
 > kzblocked provided some more information on IRC.
 > But you can bypass it by putting HTTP-like bytes inside the random
 padding of the obfs4 client handshake. The padding is ordinarily filled
 with random bytes. Filling the padding with zeroes does not bypass as
 reliably.

 I'm pretty confident I know how it works. DPI research papers merely deal
 with theoretical attacks, but Brandon Wiley bought copies of physical DPI
 hardware and knows exactly how it works. The main thing they do is look
 for signatures in the first packet. The second main thing is to look for
 packet lengths. In this case I believe it is the third most common attack,
 which is to look at how frequently each byte value occurs to measure
 entropy. https://youtu.be/IfLh3tr2amk?t=1334 (start at 18:20 but 22:14 is
 where it gets relevant). The solution is to send more of certain byte
 values than others to decrease entropy. I find it interesting that someone
 on this ticket said FTE worked.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20348#comment:211>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
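
The byte-frequency entropy measurement described in the comment above, as an added example that is not part of the original post or of any Tor or obfs4 code. The 64-byte random prefix, the 960-byte padding length and the HTTP-like string are constructed sample values, not the obfs4 wire format.

```python
import math
import random
from collections import Counter

# Constructed sample text standing in for "HTTP-like bytes"; not taken from obfs4.
HTTP_LIKE = b"GET /index.html HTTP/1.1\r\nHost: example.com\r\nAccept: */*\r\n\r\n"


def byte_entropy(data: bytes) -> float:
    """Shannon entropy of the byte-value histogram, in bits per byte (0.0-8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def build_samples(prefix_len: int = 64, pad_len: int = 960, seed: int = 20348) -> dict:
    """Constructed first-packet payloads: a random prefix followed by padding.

    The lengths are assumptions chosen for illustration, not the obfs4 layout.
    """
    rng = random.Random(seed)  # fixed seed so the figures are reproducible

    def rand(n: int) -> bytes:
        return bytes(rng.getrandbits(8) for _ in range(n))

    prefix = rand(prefix_len)
    http_fill = (HTTP_LIKE * (pad_len // len(HTTP_LIKE) + 1))[:pad_len]
    return {
        "random padding": prefix + rand(pad_len),
        "zero padding": prefix + bytes(pad_len),
        "HTTP-like padding": prefix + http_fill,
    }


def measure(samples: dict) -> dict:
    """Entropy of each payload, as a byte-frequency classifier would see it."""
    return {name: byte_entropy(payload) for name, payload in samples.items()}


if __name__ == "__main__":
    for name, bits in measure(build_samples()).items():
        print(f"{name:18s} {bits:.2f} bits/byte")
```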

